[Gllug] IMAPS

[Dave Cridland]

On Fri, 2002-05-17 at 14:25, Jonathan Dye wrote:
> Hi,
> 
> Does anyone know if IMAPS does password authentication in an encrypted
> session or is that done before the tunnel is set up?

"IMAPS" is IMAP done through a pre-setup TLS tunnel.

IMAP has a STARTLS command, too, which is generally better, however, OE
doesn't support it. Git.

Either way, authentication happens inside TLS, so it doesn't matter.

IMAP is SASL-aware, and can support useful things like CRAM-MD5 and
DIGEST-MD5, neither of which send the password in the clear. SASL does
have a PLAIN mechanism, when it's safely inside TLS.

> Also, off topic I guess but does anyone know what Outlook Express (or
> Outlook but I haven't looked) means when it says 'Use secure password
> authentication' in the user credentials panel of the mail account settings?
> It's not IMAPS because that is on a different page.

SPA is some Windows specific SASL mechanism. IIRC, it's documented as an
RFC, and I *think* it might be the same as MS-CHAP. But I'm not sure,
and can't find the RFC to hand at the moment.

Dave.



-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug